Posts Tagged ‘ios’

Replace a running config without reloading!

Saturday, October 4th, 2008

The new Cisco IOS 12.4 train has many new features that any engineer will find useful; one of the features that fix a pain point for me is the new config options available in 12.4. Have you ever been in a situation where an entered configuration does not work as expected? Now usually you have to back out the configuration one command at a time and hope for the best. Sometimes you may even reach a point where you can not completely remove a configuration without reloading the device, this is the case sometimes when trying to remove sub interfaces. Now if this is a datacenter or work environment then you may not be able to reload the router.
  (more…)

Encrypting GRE tunnels!

Monday, September 8th, 2008

In our Last article we looked at creating GRE tunnels between networks to allow non-routable traffic to pass between remote offices.  GRE tunnels are a great solution however the traffic passing inside these tunnels is not encrypted and thus could be intercepted by unauthorized parties. In this article we are going to look at tunneling GRE inside of IPSEC. This will allow us to get the benefits of GRE and the security of IPSEC.

 

(more…)

An overview of CISCO IOS Security features as related to packet filtering.

Tuesday, January 29th, 2008

 The Cisco IOS has many powerful security features that enable network engineers to protect their internal network. The Cisco IOS is capable of intrusion detection, deep packet inspection, and stateful firewall features. Setting up IPS allows the admin to push intrusion detection to the network edge. The Cisco IPS feature set can scan for spyware, viruses, worms, Trojans, and network intrusions by receiving updated signature files from Cisco. If a packet or series of packets matches a particular signature the router can, send an alert, drop the packet, or reset the connection of the offending user. In this way the network engineer can better protect the network by acting on suspicious packets before they can pose a risk to the network infrastructure, another advantage of pushing IPS duties to the network edge is it allows offending packets to be dropped before they take up finite network resources.  In large networks as much as 10 percent of network resources could be consumed by packets that ultimately will be dropped for security reasons deeper in the network. (more…)

Categories
Support Our site